User Account Protections

Inactive Session Timeout

Users with a Manager role can add a session timeout to USM Central so that, after a designated period of inactivity, a user's active session will automatically log out.

To set an inactive session timer

Go to Settings > System Configuration.

In the Session Timeout section, select a time duration from the dropdown window.

Settings are automatically saved.

Note: This complies with the PCI Standard 8.1.8

90 Day Inactivity Lock

Inactive users will be locked out after 90 days of inactivity. Managers can unlock the users in the system if they're been locked out, or users can contact AlienVault support to have their account unlocked. Once an account has been unlocked, the user needs to log back in the same day for the system to save their unlocked status.

To unlock an account

Go to Settings > Users.

Click the Unlock button.

Note: This complies with the PCI Standard 8.5.5

Brute Force IP Block

After six failed login attempts on an account, the system will automatically lock the account. The user will then receive an email notifying them of the lockout, and will provide a link that can be clicked to reactivate access to the account.